Today’s security and compliance environment is challenging, and no single vendor can solve the entire problem for you. CyberArk understands this, which is why we’ve created a powerful ecosystem of technology and channel partners that can provide you with a complete solution for your privileged access management and compliance requirements.

CyberArk’s award-winning software protects the high value assets of leading companies and government organizations around the world. We take that responsibility seriously. That’s why we only hire the best.

Data Breach

A data breach is a security incident in which malicious insiders or external attackers gain unauthorized access to confidential data or sensitive information such as medical records, financial information or personally identifiable information (PII). Data breaches are one of the most common and most costly types of cybersecurity incidents. They affect businesses of every size, industry and geography — and they occur with frightening regularity.

According to a 2019 Ponemon Institute Report, the odds of experiencing a data breach are one in four over a two-year period. The average total cost of a data breach now exceeds $3.9 million (about $150 per data record) and can range much higher when additional expenses, such as added threat detection and response, customer notifications, reputational damage and lost prospective business opportunities, are factored in.

Data Breaches can Result in Lost Business, Stiff Fines and Costly Settlements

Data breaches are particularly costly in heavily regulated industries like healthcare and financial services where the disclosure of personal data can result in fines and legal payouts. (Ponemon says the average total cost of a data breach is $6.45 million for healthcare organizations and $5.86 million for financial services firms.)

Some noteworthy data breaches in recent years include:

A 2019 data breach exposed the personal data of over 17 million Ecuadorian citizens. This breach is not only notable for its large scale, but also for the depth of information exposed. This included official government ID numbers, phone numbers, family records, marriage dates, education histories and work records.

A scandal erupted in 2018 when it came to light that Cambridge Analytica, a British political consulting firm, harvested the personal data from millions of people’s Facebook profiles without their consent and used it to target political ads. This cost Facebook $663,000 – the highest penalty possible at the time – for failing to sufficiently protect the personal information of its users.

In 2017, a data breach at Equifax exposed the personal information of 147 million people and resulted in a $700 million settlement with the credit reporting firm reimbursing individual consumers up to $20,000 each.

Data Breaches Come in a Variety of Flavors

Bad actors can gain access to confidential data in a variety of ways. The Identity Theft Resource Center, a non-profit group that provides assistance to victims of identity theft, tracks seven distinct types of data breaches:

Accidental Web/Internet Exposure where sensitive data or application credentials are accidentally placed in a location accessible from the web or on a public repository like GitHub.

Unauthorized Access where bad actors exploit authentication and authorization control system vulnerabilities to gain access to IT systems and confidential data.

Data on the Move where perpetrators access sensitive data transmitted in the clear using HTTP or other nonsecure protocols.

Endpoint threat detection and response tools to automatically identify and mitigate malware, phishing, ransomware and other malicious activity that can lead to a data breach.

Least privilege management practices to tightly align access rights with roles and responsibilities so that no one has more access than they need to do their job. This helps reduce attack surfaces and contain the spread of certain types of malware that rely on elevated privileges.

Learn More About Defending Against Data Breaches and Protecting Data Privacy